/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package control.servlet;

import control.Connection;
import control.UserDAO;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import model.Pages;
import model.User;
import utils.Security;

/**
 *
 * @author fred
 */
public class EditPassword extends HttpServlet {

    private boolean checkParameter(String parameter) {
        return (parameter != null) && (!parameter.equals(""));
    }

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        HttpSession session = request.getSession();

        // Indicates whats the next page
        Pages nextPage = Pages.PROFILE;

        String oldPassword = request.getParameter("oldPassword");
        String newPassword = request.getParameter("newPassword");
        String newPasswordConf = request.getParameter("newPasswordConf");

        if (!checkParameter(oldPassword) || !checkParameter(newPassword)
                || !checkParameter(newPasswordConf) ) {
            session.setAttribute("message", "The modification has not been "
                    + "successfully accomplished!<br />Please check the "
                    + "informations and try again.");
            nextPage = Pages.EDITPASSWORD;
        } else {
            try {
                User user = null;
                Object obj = session.getAttribute("user");
                if (obj != null)
                    user = (User) obj;
                
                if (user != null) {
                    // checks old password
                    if (user.getPassword().equals(Security.hashString(oldPassword))) {
                        // checks new password
                        if (newPassword.equals(newPasswordConf)) {
                            user.setPassword(Security.hashString(newPassword));
                            
                            Connection con = new Connection();
                            UserDAO userDAO = new UserDAO(con);
                            
                            if (userDAO.editUser(user)) {
                                session.setAttribute("message", "Password changed successfully");
                                nextPage = Pages.PROFILE;
                            } else {
                                session.setAttribute("message", "Password could not be changed");
                                nextPage = Pages.EDITPASSWORD;
                            }
                        } else {
                            session.setAttribute("message", "Passwords are different.");
                            nextPage = Pages.EDITPASSWORD;
                        }
                    } else {
                        session.setAttribute("message", "Old Password is incorrect.");
                        nextPage = Pages.EDITPASSWORD;
                    }
                }
                else
                    nextPage = Pages.HOME;
            } catch (ClassNotFoundException ex) {
                session.setAttribute("message", "Problem accessing the database "
                        + "with following message: " + ex.getMessage());
                nextPage = Pages.EDITPASSWORD;
            } catch (SQLException ex) {
                session.setAttribute("message", "Problem accessing the database "
                        + "with following message: " + ex.getMessage());
                nextPage = Pages.EDITPASSWORD;
            } finally {
                response.sendRedirect("index.jsp?op=" + nextPage);
            }
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
